Scope-based permissions

Permissions for Akamai Control Center users are managed using scopes. Scopes are determined by a user’s name, and the terms of the contract also play a role in determining a user’s permissions

In previous Global Traffic Management releases, portal users were created with a specific role. Each role had specific access permissions associated with it that were bundled into GTM and other Akamai products. Contracts also included specific engineering products. In these versions, creating a user with specified roles in a specific contract dictated what permissions are allowed for a user.

There are three scope levels:
  • View: You can view and read about the domains but cannot save, add, or edit anything. None of the UI buttons or fields are active except for actions that only need View scope, such as viewing the domain history or downloading the domain’s configuration from the top of a domain’s page.
  • Add: You can add a domain but only for those contracts in which you have an Add scope. The Add New Domain page will display and all buttons and fields are enabled. If you do not have Add scope, the Add New Domain page will display an error message and all buttons and tabs will be grayed out. Note that you cannot add new data centers if you have a performance plus domain with this scope. The ability to add a new data center will only be enabled if the domain is not a performance plus domain, and you have Add and Edit domain rights.
  • Edit: You can perform several functions within the domain and its properties, data centers, maps, and other functions. For example, you can delete a property or create a new geographic map. You can perform create, edit, and delete functions on a domain but you cannot add a new domain or a new data center with Edit scope. All UI buttons and fields are active.

Currently, there is no scope to delete a domain. Contact Akamai Support if you need to delete a domain.

When you start GTM, it checks for all the contracts you can access as well as the features and scopes for those contracts. It determines the scopes available for each contract. The contracts returned will not be restricted by data passed from the client. The exception to this is the Add scope. This scope will only be in the scope list if the contract ID belongs to the group ID passed by the client.

To determine if you have Add scope, the contracts are checked to see if any of them have that scope. If they do have Add scope you can add domains. On the Add New Domain page, the contract menu will list only those contracts that have Add scope. You will see the Contract menu even if you only have one contract. This is to let you know which contract you are adding a domain to.

Per-domain attributes

Control Center scopes for GTM are controlled at the contract level. If you want one user to be able to edit one property and another user to be able to edit another property, then the two properties must belong to different GTM domains.

You can configure load feedback (on or off). The listed attributes are administrative settings that can be changed by Akamai. If you want two properties to differ in one or more of these settings, then the two properties must belong to different domains:
  • Load feedback (on or off)
  • Minimum allowed test interval
  • Maximum allowed test timeout
  • Minimum allowed TTL
  • Maximum allowed TTL
  • Round-robin prefix
  • Maximum number of properties allowed

Contact Akamai for a full list of these attributes.